1.SAMBA服务的介绍
后台的进程:smbd
使用的端口号:139,445
配置文件:/etc/samba/smb.conf (全局参数设置/共享目录)
2.服务的安装及配置
yum search samba #查看从哪个包里安装的
yum install samba -y #安装SAMBA服务
systemctl restart smb #重启服务
netstat -antulp | grep smb #查看服务的端口及其他
firewall-cmd --permanent --add-service=samba #防火墙添加Samba服务
firewall-cmd --reload
mkdir /share{1..3} #创建几个共享目录
touch /share1/file{1..9}
touch /share2/file{21..29}
touch /share3/file{31..39}
man semanage-fcontext
semanage fcontext -a -t samba_share_t "/share1(/.*)?" #修改文件的上下文(正则里目录名后面不要多写一个/,否则匹配不到目录本身和其中的文件)
semanage fcontext -a -t samba_share_t "/share2(/.*)?"
semanage fcontext -a -t samba_share_t "/share3(/.*)?"
restorecon -vFR /share1 /share2 /share3 #让上面的上下文规则在共享目录上生效
getsebool -a | grep samba
setsebool -P samba_enable_home_dirs on #设置布尔值
setsebool -P samba_export_all_rw on #允许smbd读写任意标签的文件,范围很大;共享目录已经标记为samba_share_t时通常不需要打开
chmod o+w /share1/ #文件夹可以让他人写入
chmod o+w /share2/
chmod o+w /share3/
或者
setfacl -m u:user1:rwx -R /share1 #setfacl:只给指定用户授权,比o+w的范围小
setfacl -m u:user2:rwx -R /share2
setfacl -m u:user3:rwx -R /share3
vim /etc/samba/smb.conf
workgroup=WORKGROUP #工作组
server string = han samba server #显示的信息
hosts allow = 192.168.100.0/24 except 192.168.100.2 #访问控制
hosts deny = 192.168.100.0/24 except 192.168.100.2
3.无密码访问
vim /etc/samba/smb.conf
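security = share #不要密码的,企业一般不用(Samba 4已移除share级别,新版本要用security = user配合map to guest = Bad User和guest ok = yes;匿名可写的共享要用hosts allow限制来源)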
[hanshare1] #共享目录的配置
comment= this is hanshare
path=/share1
public=yes #share yes || user no
browseable=yes
writable=yes
systemctl restart smb.service
linux客户端的访问
yum install samba-client cifs-utils -y #安装Samba客户端
smbclient -L //192.168.100.1
smbclient //192.168.100.1/hanshare1
ls #列出
put #上传
get #下载
prompt #关闭逐个文件的确认提示
mget * #批量下载
4.用户和密码访问
useradd user1 -s /sbin/nologin
useradd user2 -s /sbin/nologin
useradd user3 -s /sbin/nologin
man smbpasswd
smbpasswd -a user1
smbpasswd -a user2
smbpasswd -a user3
vim /etc/samba/smb.conf
security = user
[share1] #谁都可以访问
comment = this is share1
path = /share1
public = no
browseable = yes
writable = yes
[share2]
comment = this is share2
path = /share2
public = no
browseable = yes
writable = no
write list = user1 #谁都能访问,只有user1可以写
[share3]
comment = this is share3
path = /share3
public = no
browseable = yes
writable = no
write list = user1 #只有user1可以访问
valid users = user1 #多用户,或者组(user1,user2,@caiwubu)
systemctl restart smb
windows客户端的连接
\\192.168.100.1
net use * /del #清除缓存
Linux客户端挂载(四种挂载方式,两类)
(1)mount -t cifs -o username=user1,passwd=user1 //192.168.100.1/share1 /mnt/share1/ #密码写在命令行里会留在shell历史和进程列表中,建议用(2)交互输入或(3)凭据文件
(2)mount -o username=user1 //192.168.100.1/share1 /mnt/share1/
(3)vim /etc/filename #把用户和密码写在一个文件里(文件属主设为root,权限设为600,避免其他用户读到密码)
user=user1
passwd=user1
vim /etc/fstab
//192.168.100.1/share1 /mnt/share1 cifs credentials=/etc/filename 0 0 #验证的时候去找/etc/filename这个文件
(4)vim /etc/fstab
//192.168.100.1/share1 /mnt/share1 cifs username=user1,password=user1 0 0 #在挂载文件里直接写入用户和密码(/etc/fstab通常所有用户可读,密码会暴露,建议改用(3)的credentials文件)
vim /var/log/samba/* #日志文件
5.每个用户单独一个配置文件(每个用户只能访问自己的文件夹)
vim /etc/samba/smb.conf
config file = /etc/samba/smb.conf.%U #在配置文件的全局配置中添加一条这个命令
cp /etc/samba/smb.conf /etc/samba/smb.conf.user3
vim /etc/samba/smb.conf.user3 #配置每个用户的单独的配置文件
删除config file = /etc/samba/smb.conf.%U #在每个用户里删除刚才添加的那条命令
[share3]
comment=this is share3
path=/share3
public =no
browseable = yes
writable = yes
客户端连接
smbclient -L //192.168.100.1 -U user3
smbclient //192.168.100.1/share3 -U user3 #其他用户无法登入进来
6.多用户分级(rhel7新增加的功能multiuser)
vim /etc/samba/smb.conf
[share1]
comment = this is share1
path = /share1
public =no
browseable = yes
writable = no
write list = user1
valid users = user1 user2
Linux客户端
挂载方式(有三种)
(1)vim /han.txt #用户名和密码的文件(权限设为600,仅root可读)
username=user1
password=user1
mount -o multiuser,credentials=/han.txt,sec=ntlmssp //192.168.100.1/share1 /mnt/share1 #挂载选项之间只用逗号分隔,不能有空格
(2)mount -o multiuser,user=user1,sec=ntlmssp //192.168.100.1/share1 /mnt/share1/
(3)vim /etc/fstab
//192.168.100.1/share1 /mnt/share1 cifs defaults,multiuser,credentials=/han.txt,sec=ntlmssp 0 0
mount -a
ll /mnt/share1/
useradd user1 #客户端创建三个和服务器端相同的用户
useradd user2
useradd user3
su user1 #用户自己就有权限挂载使用
cifscreds add 192.168.100.1
ll /mnt/share1
touch /mnt/share1/666
ll /mnt/share1/
su - user2
cifscreds add 192.168.100.1
ll /mnt/share1
touch /mnt/share1/888
su - user3
ll /mnt/share1